Automated Open Source Intelligence (OSINT) Using APIs – raidersec.blogspot.com
The first step to performing any successful security engagement is reconnaissance. How much information one is able to enumerate about given personnel (for social engineering engagements) or systems can often impact the effectiveness of the engagement.

Topera – code.google.com
Topera is a brand new TCP port scanner under IPv6, with the particularity that these scans are not detected by Snort.

Techniques

Hacking the Wiegand Serial Protocol – blog.opensecurityresearch.com
“Wiegand” is used to describe a number of different things used within access control systems such as the format in which data is stored on a card, the protocol which is used to transmit the data, and different types of access cards that leverage it.

Scraping LinkedIn Public Profiles for Fun and Profit – blog.ikotler.org
Reconnaissance and Information Gathering is a part of almost every penetration testing engagement. Often, the tester will only perform network reconnaissance in an attempt to disclose and learn the company’s network infrastructure (i.e. IP addresses, domain names, and etc), but there are other types of reconnaissance to conduct, and no, I’m not talking about dumpster diving.

Microsoft Security Bulletin MS12-078 – Critical – technet.microsoft.com
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType or OpenType font files. An attacker would have to convince users to visit the website, typically by getting them to click a link in an email message that takes them to the attacker’s website.

WordPress W3 Total Cache Misconfiguration Leaves Some Blogs Vulnerable – threatpost.com
An apparent misconfiguration exists in W3 Total Cache (W3TC), a popular plugin for the WordPress blogging platform, that could allow an attacker to browse and download password hashes and other database information. W3 Total Cache (W3TC) is a framework for WordPress that helps speed up blogs by caching content.

EE-K! DMing your password is NEVER a good idea – troyhunt.com
EE is over in the UK and they’re “the new network for your digital life” who brings you “4G and Fibre Broadband”. A quick look at All My Tweets and it seems that requesting passwords through Twitter is a standard operating procedure. So what’s wrong with all this? Let’s count the ways.
